- Get Started with Attack Surface Insights
- Search for Entities in Attack Surface Insights
- View Entities in Attack Surface Insights
- Manage Entities in Attack Surface Insights
- Entity Attributes
Attack Surface Insights Considerations
Review limitations, best practices, and other considerations to keep in mind when using Attack Surface Insights.
For Attack Surface Insights to analyze and extract entities from incoming logs, those logs must be properly parsed.
For Attack Surface Insights to enrich entities with context data, you must onboard context tables from a supported context source in Context Management or customize the User Entity Links pre-built context table.
Currently, Attack Surface Insights can't enrich entities with context data from custom context tables. For more control over the context data with which entities are enriched, use the User Entity Links pre-built context table to define custom linking for user entities.
If you configure multiple context sources, by default, Attack Surface Insights enriches entities with context data from your Microsoft Active Directory and User Entity Links context tables first, then context data from the next available context source. To ensure entities are enriched by another context source before Microsoft Active Directory and the User Entity Links context table, configure that context source first before you configure Microsoft Active Directory.
Attack Surface Insights can't differentiate between host names, device names, and IP addresses with the same name. Host names, device names, and IP addresses with the same name are considered a single account.
Site IDs are not supported.